An Enhanced Automated Signature Generation Algorithm for Polymorphic Malware Detection

Polymorphic malware is a secure menace for application of computer network systems because hacker can evade detection and launch stealthy attacks. In this paper, a novel enhanced automated signature generation （EASG） algorithm to detect polymorphic malware is proposed. The EASG algorithm is composed of enhanced-expectation maximum algorithm and enhanced K-means clustering algorithm. In EASG algorithm, the fixed threshold value is replaced by the decision threshold of interval area. The false positive ratio can be controlled at low level, and the iterative operations and the execution time are effectively reduced. Moreover, the centroid updating is realized by application of similarity metric of Mahalanobis distance and incremental learning. Different malware group families are partitioned by the centroid updating.

An Algorithm for Generation of Attack Signatures Based on Sequences Alignment

This paper presents a new algorithm for generation of attack signatures based on sequence alignment. The algorithm is composed of two parts: a local alignment algorithm-GASBSLA (Generation of Attack Signatures Based on Sequence Local Alignment) and a multi-sequence alignment algorithm-TGMSA (Tri-stage Gradual Multi-Sequence Alignment). With the inspiration of sequence alignment used in Bioinformatics, GASBSLA replaces global alignment and constant weight penalty model by local alignment and affine penalty model to improve the generality of attack signatures. TGMSA presents a new pruning policy to make the algorithm more insensitive to noises in the generation of attack signatures. In this paper, GASBSLA and TGMSA are described in detail and validated by experiments.

Generating Rule-Based Signatures for Detecting Polymorphic Variants Using Data Mining and Sequence Alignment Approaches

Antiviral software systems (AVSs) have problems in detecting polymorphic variants of viruses without specific signatures for such variants. Previous alignment-based approaches for automatic signature extraction have shown how signatures can be generated from consensuses found in polymorphic variant code. Such sequence alignment approaches required variable length viral code to be extended through gap insertions into much longer equal length code for signature extraction through data mining of consensuses. Non-nested generalized exemplars (NNge) are used in this paper in an attempt to further improve the automatic detection of polymorphic variants. The important contribution of this paper is to compare a variable length data mining technique using viral source code to the previously used equal length data mining technique obtained through sequence alignment. This comparison was achieved by conducting three different experiments (i.e. Experiments I-III). Although Experiments I and II generated unique and effective syntactic signatures, Experiment III generated the most effective signatures with an average detection rate of over 93%. The implications are that future, syntactic-based smart AVSs may be able to generate effective signatures automatically from malware code by adopting data mining and alignment techniques to cover for both known and unknown polymorphic variants and without the need for semantic (run-time) analysis.

Random-injection-based two-channel chaos with enhanced bandwidth and suppressed time-delay signature by mutually coupled lasers: Proposal and numerical analysis

Simultaneous bandwidth(BW) enhancement and time-delay signature(TDS) suppression of chaotic lasing over a wide range of parameters by mutually coupled semiconductor lasers(MCSLs) with random optical injection are proposed and numerically investigated. The influences of system parameters on TDS suppression(characterized by autocorrelation function(ACF) and permutation entropy(PE) around characteristic time) and chaos BW are investigated. The results show that, with the increasing bias current, the ranges of parameters(detuning and injection strength) for the larger BW(> 20 GHz) are broadened considerably, while the parameter range for optimized TDS(< 0.1) is not shrunk obviously.Under optimized parameters, the system can simultaneously achieve two chaos outputs with enhanced BW(> 20 GHz)and perfect TDS suppression. In addition, the system can generate two-channel high-speed truly physical random number sequences at 200 Gbits/s for each channel.

Exploring the Effects of Gap-Penalties in Sequence-Alignment Approach to Polymorphic Virus Detection

Antiviral software systems (AVSs) have problems in identifying polymorphic variants of viruses without explicit signatures for such variants. Alignment-based techniques from bioinformatics may provide a novel way to generate signatures from consensuses found in polymorphic variant code. We demonstrate how multiple sequence alignment supplemented with gap penalties leads to viral code signatures that generalize successfully to previously known polymorphic variants of JS. Cassandra virus and previously unknown polymorphic variants of W32.CTX/W32.Cholera and W32.Kitti viruses. The implications are that future smart AVSs may be able to generate effective signatures automatically from actual viral code by varying gap penalties to cover for both known and unknown polymorphic variants.

Fast Confidentiality-Preserving Authentication for Vehicular Ad Hoc Networks

This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate based 80 bit security which assures messages to remain confidential in any time. Also, new unprecedented features like V2 X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.

Sequencing of 231 forensic genetic markers using the MiSeq FGxTM forensic genomics system-an evaluation of the assay and software

The MiSeq FGx^(TM) Forensic Genomics System types 231 genetic markers in one multiplex polymerase chain reaction (PCR) assay.The markers include core forensic short tandem repeats (STRs) as well as identity,ancestry and phenotype informative short nucleotide polymorphisms (SNPs).In this work,the MiSeq FGx^(TM) Forensic Genomics System was evaluated by analysing reproducibility,sensitivity,mixture identification and forensic phenotyping capabilities of the assay.Furthermore,the genotype calling of the ForenSeq^(TM) Universal Analysis Software was verified by analysing fastq.gz files from the MiSeq FGx^(TM) platform using the softwares STRinNGS and GATK.Overall,the performance of the MiSeq FGx^(TM) Forensic Genomics System was high.However,locus and allele drop-outs were relatively frequent at six loci (two STRs and four human identification SNPs) due to low read depth or skewed heterozygote balances,and the stutter ratios were larger than those observed with conventional STR genotyping methods.The risk of locus and allele drop-outs increased dramatically when the amount of DNA in the first PCR was lower than 250 pg.Two-person 50∶1 mixtures were identified as mixtures,whereas 100∶1 and 1000∶1 mixtures were not.Y-chromosomal short tandem repeats (Y-STRs) alleles were detected in the 100∶1 and 1000∶1 female/male mixtures.The ForenSeq^(TM) Universal Analysis Software provided the data analyst with useful alerts that simplified the analysis of the large number of markers.Many of the alerts were due to user-defined,locus-specific criteria.The results shown here indicated that the default settings should be altered for some loci.Also,recommended changes to the assay and software are discussed.